In April, researchers at Malwarebytes published a report warning that cybercriminals were targeting users of the popular Electrum Bitcoin wallet.
In the attack, the cybercriminals netted over 771 Bitcoins, equivalent to approximately USD $4 million at current exchange rates.
According to a new Malwarebytes blog post, the attackers have now launched a series of distributed denial-of-service (DDoS) attacks targeting the whole company, with the number of botnets used increasing day by day.
On April 24, the number of infected users was less than 100,000; the next day it reached 152,000. The amount of stolen funds has also increased to USD $4.6 million.
The attackers started the campaign in December, exploiting a flaw in the Electrum software to trick users into downloading a malicious version of the wallet.
To fix the issue, the developers used the same technique as the attackers, exploiting the same flaw in their own software to redirect users to download the latest patch.
In March, the developers exploited another flaw, unknown to the public, to keep vulnerable clients from connecting to bad nodes.
The attackers used this to launch distributed denial-of-service (DDoS) attacks against Electrum servers, reversing the scenario: legitimate nodes are overwhelmed, and older clients are forced to connect to malicious nodes.
Researchers also discovered a previously undocumented loader called Trojan.BeamWinHTTP, which was also used to deliver the ElectrumDoSMiner.
Most of the infections were located in the Asia Pacific region (APAC); in the Americas, most bots were located in Brazil and Peru.
“The number of victims that are part of this botnet is constantly changing. We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks. Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily.”